MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73e1980b7e00c71f36d5f974971eb471845248a8b7b44ad3eebf84fdce1e7125. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemusStealer

Vendor detections: 15

SHA256 hash: 73e1980b7e00c71f36d5f974971eb471845248a8b7b44ad3eebf84fdce1e7125
SHA3-384 hash: 498b55dae52c364ad305a32b176eb02f5543b1cc74d9f1f577026c0b3bc11ffdfcfba53cc5f1b5851ac4800d5188248f
SHA1 hash: ae95cbc2f008efcee780cc1a08dbe3117e8224c4
MD5 hash: 5826212251e6f7d83974e47fe64fd083
humanhash: oregon-carpet-paris-paris
File name: 73e1980b7e00c71f36d5f974971eb471845248a8b7b44ad3eebf84fdce1e7125
Signature: RemusStealer
File size: 230'912 bytes
First seen: 2026-06-05 06:53:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c81db0a320cdad5ab41c9a291ea9b6e9 (13 x RemusStealer, 11 x Smoke Loader)
ssdeep: 3072:PMkiQ0Ti78ZGAttez2m7sKNqQNmTVm9he0xoyW3kOGnLwBsYC:BsG78sATmZbNmhQa34nsC
TLSH: T1A834296BC25330FCD553C07892662332AB73BA3847754EE70692D7358E61EC06E7BA25
TrID: 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
      16.1% (.EXE) OS/2 Executable (generic) (2029/13)
      15.9% (.EXE) Generic Win/DOS Executable (2002/3)
      15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika: pebin
Reporter: JAMESWT_WT
Tags: Click-Hijacking-TDS exe RemusStealer
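The file name on this entry is simply the SHA256, so a downloaded copy should be checked against the listed digests rather than trusted by name; note too that the imphash above is shared with 11 Smoke Loader samples, so it is a hunting pivot, not an attribution on its own. The following is an added example, not MalwareBazaar's or any vendor's code: it uses only the Python standard library and the four digests copied from the entry above, and the byte strings used in its checks are constructed test inputs, not sample content.

```python
import hashlib
from typing import Dict, Iterable

# Digests as listed on this MalwareBazaar entry (copied from the page).
ENTRY_HASHES: Dict[str, str] = {
    "sha256": "73e1980b7e00c71f36d5f974971eb471845248a8b7b44ad3eebf84fdce1e7125",
    "sha3_384": "498b55dae52c364ad305a32b176eb02f5543b1cc74d9f1f577026c0b3bc11ffdfcfba53cc5f1b5851ac4800d5188248f",
    "sha1": "ae95cbc2f008efcee780cc1a08dbe3117e8224c4",
    "md5": "5826212251e6f7d83974e47fe64fd083",
}


def digests(chunks: Iterable[bytes], names: Iterable[str] = ENTRY_HASHES) -> Dict[str, str]:
    """Feed the data once through every hash in `names` and return hex digests.

    Names are hashlib algorithm names; "sha3_384" is the SHA3-384 the entry lists.
    """
    hashers = {name: hashlib.new(name) for name in names}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(chunks: Iterable[bytes], expected: Dict[str, str] = ENTRY_HASHES) -> Dict[str, bool]:
    """Compare computed digests with `expected`; True means that digest matched.

    Expected values are compared case-insensitively, since vendors publish both cases.
    """
    got = digests(chunks, expected.keys())
    return {name: got[name] == value.lower() for name, value in expected.items()}


def verify_bytes(data: bytes, expected: Dict[str, str] = ENTRY_HASHES) -> Dict[str, bool]:
    """Convenience wrapper for an in-memory buffer."""
    return verify([data], expected)


def verify_file(path: str, expected: Dict[str, str] = ENTRY_HASHES, chunk_size: int = 1 << 20) -> Dict[str, bool]:
    """Stream a file in 1 MiB chunks so large samples are never read into memory at once."""
    with open(path, "rb") as f:
        return verify(iter(lambda: f.read(chunk_size), b""), expected)


def mismatches(result: Dict[str, bool]):
    """Names of the digests that did not match, sorted for stable reporting."""
    return sorted(name for name, ok in result.items() if not ok)


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <extracted sample path>
    outcome = verify_file(sys.argv[1])
    bad = mismatches(outcome)
    print("all digests match" if not bad else "MISMATCH: " + ", ".join(bad))
```

Any single mismatch means the file on disk is not the object this entry describes (a truncated download, a wrapper archive that was not extracted, or a different build), and none of the vendor verdicts above apply to it.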

Intelligence


File Origin
# of uploads: 1
# of downloads: 140
Origin country: IT
Vendor Threat Intelligence

No detections
Malware family: n/a

ID: 1
File name: _73e1980b7e00c71f36d5f974971eb471845248a8b7b44ad3eebf84fdce1e7125.exe
Verdict: Malicious activity
Analysis date: 2026-06-05 07:16:36 UTC
Tags: stealer remus

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 96.5%
Tags: phishing virus

Result
Verdict: Malware
Behaviour:
  Creating synchronization primitives
  Using the Windows Management Instrumentation requests
  Connection attempt to an infection source
  Query of malicious DNS domain

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context

Verdict: Malicious
File Type: exe x64
First seen: 2026-03-04T05:54:00Z UTC
Last seen: 2026-04-10T01:45:00Z UTC
Hits: ~10
Detections: Trojan.Win64.Agent.smfrin, Trojan.Win32.Agent.gen

Gathering data
Threat name: Win64.Trojan.Lazy
Status: Malicious
First seen: 2026-03-04 14:01:00 UTC
File Type: PE+ (Exe)
AV detection: 19 of 24 (79.17%)
Threat level: 5/5

Verdict: malicious

Result
Malware family: remus_stealer
Score: 10/10
Tags: family:remus_stealer botnet:b50ff7bc0136ba6a8d092a8353d68d04 stealer
Malware Config
C2 Extraction:
http://ropea.top:28313
http://coox.live:28313
http://baxe.pics:48261

Unpacked files
SHA256 hash: 73e1980b7e00c71f36d5f974971eb471845248a8b7b44ad3eebf84fdce1e7125
MD5 hash: 5826212251e6f7d83974e47fe64fd083
SHA1 hash: ae95cbc2f008efcee780cc1a08dbe3117e8224c4
Malware family: RemusLogger
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
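The three C2 URLs in the extracted config are the most directly actionable data on this entry, and two of the three use non-standard ports (28313, 48261), so a host-and-port match is a stronger signal than a bare domain hit. Note that the "unpacked file" hash above equals the sample's own SHA256, so the config was extracted from the binary as distributed. What follows is an added example of turning that config into a retrospective sweep over proxy and DNS logs; it is not MalwareBazaar's, the reporter's, or any vendor's code. The C2 URLs are copied from the entry; the two log excerpts and their whitespace-separated column layouts are constructed for the example and are not any real product's format.

```python
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

# C2 URLs as listed under "Malware Config / C2 Extraction" on this entry.
C2_URLS = [
    "http://ropea.top:28313",
    "http://coox.live:28313",
    "http://baxe.pics:48261",
]

# Constructed proxy log (hypothetical layout): ts client dst_host dst_port method url
PROXY_LOG = """\
2026-06-05T07:20:01Z 10.0.0.12 www.example.com 443 CONNECT https://www.example.com/
2026-06-05T07:20:04Z 10.0.0.12 ropea.top 28313 POST http://ropea.top:28313/
2026-06-05T07:20:05Z 10.0.0.33 coox.live 80 GET http://coox.live/
2026-06-05T07:20:09Z 10.0.0.12 baxe.pics 48261 POST http://baxe.pics:48261/
"""

# Constructed DNS query log (hypothetical layout): ts client qtype qname
DNS_LOG = """\
2026-06-05T07:19:58Z 10.0.0.12 A ropea.top
2026-06-05T07:20:02Z 10.0.0.40 A cdn.coox.live
2026-06-05T07:20:03Z 10.0.0.41 A notcoox.live
"""


def parse_c2(urls: List[str]) -> List[Tuple[str, int]]:
    """Turn C2 URLs into (host, port) pairs, filling in the scheme default when no port is given."""
    iocs = []
    for url in urls:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        iocs.append((parts.hostname.lower(), port))
    return iocs


def domain_matches(name: str, domain: str) -> bool:
    """True for the domain itself or any subdomain; 'notcoox.live' must not match 'coox.live'."""
    return name == domain or name.endswith("." + domain)


def scan_proxy(log: str, iocs: List[Tuple[str, int]]) -> List[Dict]:
    """Report proxy lines whose destination is a C2 domain.

    confidence "high": host and port both match an extracted C2 endpoint.
    confidence "medium": C2 domain (or subdomain) contacted on some other port.
    """
    exact = set(iocs)
    domains = sorted({host for host, _ in iocs})
    hits = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, host, port_text = fields[0], fields[1], fields[2].lower(), fields[3]
        try:
            port = int(port_text)
        except ValueError:
            continue
        matched = next((d for d in domains if domain_matches(host, d)), None)
        if matched is None:
            continue
        confidence = "high" if (host, port) in exact else "medium"
        hits.append({"ts": ts, "client": client, "host": host, "port": port,
                     "ioc": matched, "confidence": confidence})
    return hits


def scan_dns(log: str, domains: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (client, queried name, matching C2 domain) for lookups of the C2 domains."""
    ordered = sorted(domains)
    out = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        client, qname = fields[1], fields[3].lower().rstrip(".")
        matched = next((d for d in ordered if domain_matches(qname, d)), None)
        if matched is not None:
            out.append((client, qname, matched))
    return out


if __name__ == "__main__":
    c2 = parse_c2(C2_URLS)
    for hit in scan_proxy(PROXY_LOG, c2):
        print("proxy", hit)
    for client, qname, ioc in scan_dns(DNS_LOG, {host for host, _ in c2}):
        print("dns", client, qname, "->", ioc)
```

A DNS hit for a C2 domain is worth alerting on even without a proxy record, because a resolution attempt from a host is enough to show the sample ran there; the proxy match on the exact port then confirms the beacon reached the listed endpoint.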
